Schema for cloud_properties section used by dynamic network or manual network subnet:

subnet [String, required]: Subnet ID in which the instance will be created. Example: subnet-9be6c3f7.

security_groups [Array, optional]: Array of Security Groups, by name or ID, to apply to all VMs placed on this network. Security groups can be specified as follows, ordered by greatest precedence: vm_types, followed by networks, followed by default_security_groups.

lb_target_groups [Array, optional]: Array of Load Balancer Target Groups to which created VMs should be attached. Target Groups can be used to link Application Load Balancers (ALB) and Network Load Balancers (NLB) to instances. Example: [prod-group1, prod-group2]. Default is []. Available in v63 or newer.

auto_assign_public_ip [Boolean, optional]: Assigns a public IP address to the created VM. This IP is ephemeral and may change; use an Elastic IP instead for a persistent address. Defaults to false. Available in v55+.

source_dest_check [Boolean, optional]: Specifies whether the instance must be the source or destination of any traffic it sends or receives. If set to false, the instance does not need to be the source or destination. Used for network address translation (NAT) boxes, frequently to communicate between VPCs. Defaults to true. Requires IAM action ec2:ModifyInstanceAttribute. Available in v59+.

ephemeral_disk [Hash, optional]: EBS backed ephemeral disk of custom size. Default disk size is either the size of first instance storage disk, if the instance_type offers it, or 10GB. Before v53: Used EBS only if instance storage is not large enough or not available for selected instance type.

iops [Integer, optional]: Specifies the number of I/O operations per second to provision for the drive.

Only valid for io1 type drive.

Required when io1 type drive is specified.

encrypted [Boolean, optional] Enables encryption for the EBS backed ephemeral disk. An error is raised, if the instance_type does not support it. Since v53. Defaults to false. Overrides the global encrypted property.

kms_key_arn [String, optional] The ARN of an Amazon KMS key to use when encrypting the disk.

use_instance_storage [Boolean, optional] Forces the usage of instance storage as ephemeral disk backing. Will raise an error, if the used instance_type does not have instance storage. Cannot be combined with any other option under ephemeral_disk or with raw_instance_storage. Since v53. Defaults to false.

kms_key_arn [String, optional]: Encrypts the disk using an encryption key stored in the AWS Key Management Service (KMS). The format of the ID is XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX. Be sure to use the Key ID, not the Alias. If omitted the disk will be encrypted using the global kms_key_arn property. If, no global kms_key_arn is set will use your account's default aws/ebs encryption key.

EBS volumes are created in the availability zone of an instance that volume will be attached.

default_iam_instance_profile [String, optional]: Name of the IAM instance profile that will be applied to all created VMs. Example: director.

region [String, required]: AWS region name. Example: us-east-1

max_retries [Integer, optional]: The maximum number of times AWS service errors (500) and throttling errors (AWS::EC2::Errors::RequestLimitExceeded) should be retried. There is an exponential backoff in between retries, so the more retries the longer it can take to fail. Defaults to 2.

encrypted [Boolean, optional]: Turns on EBS volume encryption for all VM's root (system), ephemeral and persistent disks. Defaults to false. Available in v67+.

Warning

EBS volume encryption does not work for Windows stemcells due to an AWS limitation. Enabling this will not encrypt the root disk of Windows VMs.

kms_key_arn [String, optional]: Encrypts the disks using an encryption key stored in the AWS Key Management Service (KMS). The format of the ID is XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX. Be sure to use the Key ID, not the Alias. If this property is omitted and encrypted is true, the disks will be encrypted using your account's default aws/ebs encryption key. Available in v67+.